Best Android security practices

Keeping your smartphone secure might not be the first thing on your mind when you pick up your new flagship from the store, but we keep an awful lot of personal information on our smartphones these days, so it’s best to be protected. Especially given recent scares about Android security code exploits and the number of online accounts that are compromised each year.

Here’s a short list of simple steps that you can take to keep your Android smartphone and your personal data secure.

Keep your phone up to date

Although Android updates don’t always appear regularly for non-Nexus smartphones, it’s always a good idea to install these updates when they come about. Since Google began providing monthly security updates for Android, protection against malicious exploits has improved a lot and it makes sense to keep as up to date with these patches as soon as possible to bolster your Android security.

Lock-screens and fingerprint scanners

You might be surprised to hear that around a third of smartphone users don’t bother to replace the standard swipe-to-unlock screen with something more secure. While it might prevent you from pocket dialling someone, this screen doesn’t offer any security barrier if you’re unfortunate enough to have your smartphone stolen. All Android devices offer up both PIN and character password lockscreen security options under the settings menu. Some smartphones have variations on the usual password formula, such as LG’s Knock Code which can unlock your phone by tapping places on the screen In a certain order.

If you own a modern flagship smartphone, you’re likely to have access to a fingerprint scanner too. This is perhaps the most efficient and secure method of securing your smartphone and it’s well worth spending a few minutes setting up the scanner to identify a few of your fingerprints, so that way you can unlock the phone with either hand.

Pick a decent password

Along with protecting basic access to your device, picking a strong secure password is the next go to step. We regularly hear about some of the seemingly silly and easily guessed passwords that people use to protect their accounts. Instead, you should be using a relatively long series of letters and numbers. No names, birthdays, or other codes that might be easy to remember but could be guessed by someone with the wrong intentions.

This doesn’t just apply to lock-screen security options, all of the passwords for your various online accounts should follow the same rules. In fact, the top security experts recommend that all of your online accounts should use unique passwords that don’t share a common connection. That way if one of your accounts is compromised, you won’t run the risk of having your other accounts exposed.

If keeping track of all of those passwords seems impossible, you can always turn to one of the few password management applications out there. Not only can these apps keep track of all your passwords using a single master password, but they can also automatically generate highly secure random codes that are much hardware to crack that commonly used memorable words. One of the most popular of these apps is LastPass, which works as a free web browser plug in or the paid for version can be used across your entire Android device, or 1Password and Dashlane Password Manager are also worth looking at.

Two-step authentication

Various online accounts and Android apps makes use of two-step authentication, which not only requires users to create a password, but also links their account to your phone number, a secondary email address, or even a dedicated app. If someone tries to access your account from a new device or attempts to change your password, they would also need access to the second-step of the authentication process, which makes it much more difficult to crack into. You’ll certainly be familiar with these types of processes if you’re making us of an Android banking app.

Google offers two-step authenticated for each time that you log into a new device with your account. If you want to enable it, just follow the instructions here. You can probably find similar settings for your email and social media services in their own account settings menus as well.

Don’t install apps from untrustworthy sources

Google does a very good job at keeping the Play Store free from malicious apps, but not every third party store or download service pays as much attention to these problems. Furthermore, pirating apps exposes your devices to malicious code that may have been injected into these apps, which could contain anything from extra data collection software to malware that might plague your handset with notifications and unwanted app installations. It’s best to stay well clear of these places if you can avoid it.

Of course, not every app that you download from a third party service is dangerous, some developers operate outside of the Play Store to offer beta software or to avoid some of Google’s rules. Just always double check that your download is coming from a verified source.

Remote phone wipe

While a password will help to keep out prying eye’s, it not too much consolation if your phone is stolen or lost. After all, it won’t feel good to know that your banking app data is sitting in someone else hands, even if it’s behind a password. If you’re ever faced with a situation where you know that you won’t see your phone again, it would be prudent to wipe all of your data from the device.

Fortunately, Google offers just such a service for free to all of its Android customers. Simply head over to Google’s Device Manager website and log into your account. From there you can select any of your devices. As long as your phone has access to the internet, you will be able to remotely call, lock or wipe the phone by logging into your account from another web browser. If you don’t like Google’s option, a number of other apps offer similar functionality.

Understanding app permissions

Although app permissions descriptions still remain rather vague, Android smartphones running Marshmallow have greater control than ever to manage these permissions. While it would be unreasonable to expect users to micro manage all of their apps all of the time, you can use this function to keep tabs on some key permissions that pose the greatest risks.

For example, don’t select “Always” for important functionality like ‘Send SMS’, as this could allow a compromised application to send paid-for-sms without user intervention. Likewise, ‘Camera’ or ‘Storage’ permissions might only be needed once in a while for certain apps, so only temporarily allowing these permissions each time you use them is a small extra click that might prevent unwanted snooping.

Make use of free online backups

So far we’ve dealt with trying to protect your data from prying eyes, but that’s not going to be too much consolation if you lose, break or have your phone stolen. What about all your pictures, contacts, and messages? Fortunately, free online backups are readily available, either automatically from Google or from a number of third party providers.

There’s good news if you haven’t found the time to backup some of your smartphone essentials yet, contacts (both phone and email), Gmail messages, and Google calendar entries are automatically associated with your Google account. So, if you buy a new phone or log into your account from a PC web browser, you can automatically pick up where you left off.

If you also want to protect your precious pictures, Google offers free unlimited pictures storage too. The free options shrinks down your images to a maximum of 16 megapixels in size using quite decent JPEG compression, which actually won’t affect the quality of a lot of smartphone pictures. Alternatively, you can use up part of your Google Drive storage to save pictures in their original size and format, although once you run out you will have to pay a monthly fee for additional online storage space. To use this feature, simply go into Google Photos (which comes pre-installed on all new phones), head into Settings and enable the slider under Back up & sync. You can then pick the folders to backup under the Device folders tab, and choose whether to backup using data or only when connected to WiFi.

Alternatively, DropBox and OneDrive are also popular online storage solutions that feature auto photo and video backup options, although these don’t offer the same free photo storage option that Google does and the amount of free storage available isn’t particularly generous.

Encrypt your handset

The last suggestion on our list is to make use of Android’s built in device encryption technology. Encryption can help to protect all of the data on your smartphone by essentially scrambling the data so that it can only be read by a user with the correct key or password. This means that you’ll have to enter a password every time that you start up your Android device, but other than that it won’t affect how you use your smartphone. However, if you purchase a new flagship smartphone that runs Android 6.0 Marshmallow, then you’ll find that encryption is already enabled by default.

It’s worth pointing out that device encryption is a one-way process on most Android smartphones, so you won’t be able to decrypt your phone without removing all of the data on it. Also, device encryption can slow down older Android smartphones, but most relatively new models won’t have any problems.

For additional information and if you want to encrypt your Android device, feel free to check out our guide:

Even if you don’t go through will all of these tips, just changing one or two habits can greatly increase the security of your Android device and the data that’s on it. Do you have any of your own security tips to offer?